Solved

VERY STRANGE Image Size behavior (when PHP script sends image to browser)

Posted on 2003-11-24
6
242 Views
Last Modified: 2008-03-17
I'm using a PHP Script to read a file from outside of the document root, and sends it to the browser.

The problem is that I.E. Does not correctly "understand" the size fo the image (when I right click and select properties it says "Not Specified".  

I've tracked this down to the fact that I am calling session_start() before sending the image.  As a result, the session cookie is sent to the browser before the image data and when this happens, i.e. doesn't correctly understand the image size (for some bizarr reason).

At any rate, if I simply comment out this line, the image works EXACTLY as though it's accessed directly (not through the script).  The problem is that I need data from the session to determine which image to show.

So - my question is:

1) Is there any way to access the session data without sending a session cookie to the browser (just from my "picture" script).

2) Does anyone understand why this causes a problem in I.E. and is there any other way around it?

Thank you in advance for any help you can provide.  The script is included below:

picture.php:
            session_start();
            $filename = "/tmp/files/" . $_SESSION['filename'];
            header("Accept-Ranges: bytes");
            header("Content-Length: " . filesize($filename));
            header("Connection: close");
            header("Content-Disposition: inline; filename=" . $_SESSION['filename']);
            header("Content-Type: image/gif");
            $fd = fopen ($filename, "r");
            echo fread ($fd, filesize ($filename));
            fclose ($fd);


Again - All I have to do is just // session_start() and everything works PERFECTLY.  

Thoughts?
0
Comment
Question by:kalliopi
  • 3
  • 2
6 Comments
 
LVL 3

Expert Comment

by:ashoooo
ID: 9813419
Can you wrap your image in an HTML file? for eg...

picture.php:
          session_start();
          <html><head></head>
          <body><img src="pictureGen.php?name=<?php echo$_SESSION[filename]; ?>"></body></html>


pictureGen.php:
          $filename = "/tmp/files/" . $_GET['filename'];   // $_SESSION['filename'] has been changed to $_GET['name']
          header("Accept-Ranges: bytes");
          header("Content-Length: " . filesize($filename));
          header("Connection: close");
          header("Content-Disposition: inline; filename=" . $_GET['name']);
          header("Content-Type: image/gif");
          $fd = fopen ($filename, "r");
          echo fread ($fd, filesize ($filename));
          fclose ($fd);

This is just a workaround...
0
 
LVL 6

Author Comment

by:kalliopi
ID: 9813799
Thanks for the input.  I probably should have been more clear.  The whole reason for needing the session data is for security purposes.  I don't want to have to pass the filename to the file for security purposes.  The session looks up the filename in a database and verifies that the user who's logged in (also tracked in the session) has access to that file.  If I pass the filename and just print whatever's passed, the security would be lost and the person viewing the picture would be able to look at any file in the /tmp/files directory.  Does that make sense?  

It seems like I should be able to READ the session data (from a particular script) without sending the session cookie data back to the client (just from that one script).  I just don't know how to do that.  I've tried working with output buffering, and then clearning the output buffer right before sending the image data but unfortunately, output buffering does not appear to effect header data...

Thoughts?
0
 
LVL 6

Expert Comment

by:aolXFT
ID: 9813914
Hmmm,

The cookie should be already on the client, and you shouldn't have to send it again, so all you want to do is read the cookie, and not resend it.

One possible workaround would be to tell sessions in that particular file not to use cookies. You might then have to copy the data from $_COOKIE to $_GET(or $_REQUEST), to fool PHP  into thinking that the SID had come from a GET(or POST) variable, and not the cookie, before calling session_start().

Let us know if it works.
0
ScreenConnect 6.0 Free Trial

Discover new time-saving features in one game-changing release, ScreenConnect 6.0, based on partner feedback. New features include a redesigned UI, app configurations and chat acknowledgement to improve customer engagement!

 
LVL 6

Author Comment

by:kalliopi
ID: 9814508
aolXFT - this looks promising and I played around a little bit with turning cookies off for that specific file, but I couldn't figure it out specifically.

Can you be a little bit more explicit?
0
 
LVL 6

Accepted Solution

by:
aolXFT earned 250 total points
ID: 9827385
I haven't much time right now, but try

ini_set('session.use_cookies', 0);
session_start();


0
 
LVL 6

Author Comment

by:kalliopi
ID: 9827861
Thank you aolXFT - that was perfect.  It did EXACTLY what I wanted.  I actually had to also add ini_set('session.cache_limiter', ''); as well, but you certainly pointed me in the right directly.  

That's AWESOME.  Thank you.
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Foreword (July, 2015) Since I first wrote this article, years ago, a great many more people have begun using the internet.  They are coming online from every part of the globe, learning, reading, shopping and spending money at an ever-increasing ra…
Password hashing is better than message digests or encryption, and you should be using it instead of message digests or encryption.  Find out why and how in this article, which supplements the original article on PHP Client Registration, Login, Logo…
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …

832 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question